Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

BYOD Policies Lag, Despite Employee Use of Personal Devices

A survey indicates nearly 60 percent of employees are making up their own bring your own device (BYOD) rules as they go along.

In spite of all the risks incurred by allowing foreign devices to access company data, a mere 39 percent of respondents work under the restrictions of a bring your own device (BYOD) policy, according to a survey by Software Advice.

An additional 20 percent of respondents said they don’t know if they do or not, indicating nearly 60 percent of employees are making up their own BYOD rules as they go along--or more alarmingly, not following any at all.

The survey also revealed more than half of respondents have transferred company files to their own devices, and just 49 percent of respondents implement security updates when they’re released.

Meanwhile, 35 percent of respondents admitted to transferring files, but said that the files contained nothing sensitive. In addition, 48 percent of respondents say they’ve never transferred files onto personal devices, and 18 percent said they had never transferred files.

Further reading

A third of respondents maintain very poor security on their devices, meaning they either only update them occasionally, never do or have no idea whether their systems are patched.

"Policies are going to vary from firm to firm but, for example, you are always going to want strong password controls in place," Daniel Humphries, researcher for Software Advice, told eWeek. "Employees have to keep their own devices patched, fixing the latest security vulnerabilities by installing updates immediately, and corporate data should be encrypted in case the device is stolen."

Humphries also recommended there be a clear separation of personal and corporate data on the device- companies can provide corporate apps for their data.

"You definitely want to get your lawyers to look over the document to avoid ambiguity--and liability," he added. "These are just some of the big things to consider. The good news is that there are lots of good templates and guides online and it’s worth taking the time to explore them, to pick what applies to you."

While almost half (49 percent) said they update their security immediately upon receiving an update, 9 percent said they were unsure how frequently they update and a substantial 11 percent said they never update at all.

This lack of concern for security is even more troubling when viewed in the light of a recent Gartner study that revealed a quarter of business users admitted to having had a security issue with their private device in 2013, but only 27 percent of those respondents felt obliged to report this to their employer.

"I think companies have to signal clearly to their employees that security is a priority for everybody, including the upper echelons. Some hastily banged out policy lists aren’t going to change anything, nor are a few email bulletins," Humphries said. "Education has to be ongoing. Some experts claim that tying the issues to their employees’ own experience is key--that if you teach people how to be secure about what matters to them in their own lives, then eventually that will pay off in their work life."

The report surveyed 385 adults in the U.S. who use their own devices, like smartphones, tablets, laptops and PCs, to access resources on their company’s internal networks.